Cisco patched critical flaws in 900 series routers and Prime Home server

Cisco issued patches for two critical vulnerabilities affecting several products, including Cisco 900 Series Routers and Cisco Prime Home servers.

Cisco has issued patches for two critical vulnerabilities affecting several products, including Cisco 900 Series Routers and Cisco Prime Home server and cloud-based network management platform.

The company published two security advisories to report the issues to his customers. One of the security advisories warns service providers running Cisco ASR 900 Series routers of a flaw, tracked as CVE-2016-6441, in the Transaction Language 1 (TL1) code of the router. This flaw could be exploited remotely by an unauthenticated attacker to execute arbitrary code or force the reload of the affected equipment.

“The vulnerability exists because the affected software performs incomplete bounds checks on input data. An attacker could exploit this vulnerability by sending a malicious request to the TL1 port, which could cause the device to reload. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system.”

The company has made available the updates to fix the flaw and also workarounds to temporarily address the vulnerability.

The second flaw is a critical authentication bypass vulnerability, tracked as CVE-2016-6452, that resides in the web-based graphical user interface of Cisco Prime Home. The flaw could be exploited by a remote attacker to bypass authentication.

The flaw could be exploited by sending a crafted HTTP request to a specific URL that allow the attacker to obtain a valid session identifier for an arbitrary user.

“A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges.” reads the advisory published by Cisco. “The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request to a particular URL. An exploit could allow the attacker to obtain a valid session identifier for an arbitrary user, which would allow the attacker to perform any actions in Cisco Prime Home for which that user is authorized—including users with administrator privileges.”

Share On

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.